Channels

Services

Avast executes code from CAB files

Security services provider n.runs has discovered a vulnerability in Alwil's Avast anti-virus product which allows attackers to inject malicious code onto affected systems using crafted CAB and SIS files. The flaw is due to an integer typecast in the routine for processing this file format, and results in a buffer overflow. Avast versions prior to 4.7.700 are affected. Alwil is distributing patches to fix this security vulnerability via the automatic update mechanism.